Method and system for pre-accessing conference telephone and network side device

ABSTRACT

A method for pre-accessing a conference telephone is disclosed in the present invention. The method includes that: a network side detects a received call whose target is a main control party after the main control party initiates an encryption conference telephone; the call is not accessed if the call is a non-encryption conversation; the call is allowed to be accessed if the call is an encryption conversation. A system for pre-accessing a conference telephone is also disclosed in the present invention, wherein, the system includes a pre-accessing processing unit and a call type detection unit of the network side. A network side device is also disclosed in the present invention. The present invention realizes the pre-accessing of the encryption conference telephone, thereby improving security of the encryption conversation as well as avoiding the problem that a user is frequently affected when performing the encryption conference telephone.

TECHNICAL FIELD

The present invention relates to the field of the mobile communicationtechnology, and in particular, to a method, system and network sidedevice for pre-accessing a conference telephone.

BACKGROUND OF THE RELATED ART

The voice conversation is the most fundamental service of the mobilecommunication network and it is also the most important service, andalso concerned by most users and operators. Its confidentiality andsecurity are also one of important contents of the mobile networktechnology. At present, the mobile phone with the encryptionconversation function receives more and more attentions, and especiallythe organizations and individuals, such as the sensitive department ofthe government, and the intelligence agency and so on, pay muchattention to the security and confidentiality.

The conference telephone function of the mobile phone, based on itsadvantage of simple building and good mobility, is more and more widelyused by people. The conference telephone is used mainly for three ormore users to perform the conversation at the same time. For theinitiator, the three-party conversation services have to be registeredin the network side at first, and then it can be used.

The inventor of the application of the present invention finds that: themobile phones with the encryption conversation function are basicallybased on the voice encryption and decryption from end to end at present,which does not need the network to participate, so it cannot perform theoperation of encryption and decryption by using the security keyencryption factor (Ki) in the network or the other keys generated by theKi, such as the cipher key (abbreviated as CK) and so on.

In sum, the security of the current conference telephone service of themobile phone is not high, and it is probably affected by other unknownnon-encryption conversation.

SUMMARY OF THE INVENTION

The technical problem that the present invention solves is to provide amethod, system and network side device for pre-accessing a conferencetelephone, to improve the security of the conference telephone service.

In order to solve the above-mentioned technical problem, the presentinvention provides a method for pre-accessing a conference telephone,comprising:

a network side detecting a received call whose target is a main controlparty after the main control party initiates an encryption conferencetelephone; if the call is a non-encryption conversation, then notaccessing the call; if the call is an encryption conversation, thenallowing to access the call.

Wherein, the step of a network side detecting a received call whosetarget is a main control party comprises:

if a call establishment message of the call comprises a call type andthe call type is encryption, then the network side judging the call asan encryption conversation; otherwise judging the call as anon-encryption conversation.

Wherein, the call type is realized through a user—user informationelement (UUIE) field in the call establishment message, and when contentof the UUIE field is “ENCRYPTION VOICE”, that the call type isencryption is indicated.

The method further comprises:

after the encryption conference telephone enters a conversation state, aterminal and the network side of the encryption conference telephoneperforming encryption and decryption on voice data of the conversationaccording to the call type.

Wherein, the step of performing encryption and decryption on voice dataof the conversation comprises:

a calling terminal using a cipher key (CK) of a sending party as anoperational factor to encrypt uplink voice data, and uploading theencrypted voice data to the network side; and

after the network side receives the encrypted voice data and afterperforming the decryption by using the CK of the sending party as theoperational factor, then using the CK of a receiving party as theoperational factor to encrypt the voice data, and sending the encryptedvoice data to a called terminal; the called terminal using the CK of thereceiving party as the operational factor to decrypt received downlinkvoice data.

The method further comprises:

after the network side allows to access the call, the main control partydeciding whether to answer and join the call into this encryptionconference telephone.

In order to solve the above-mentioned technical problem, the presentinvention further provides a system for pre-accessing a conferencetelephone, comprising a pre-accessing processing unit and a call typedetection unit of a network side, wherein,

the call type detection unit is configured to: after receiving aconference telephone initiated by a main control party, detect areceived call whose target is the main control party, and transmit adetection result to the pre-accessing processing unit;

the pre-accessing processing unit is configured to: according to thedetection result transmitted by the call type detection unit, if thecall is a non-encryption conversation, not access the call; if the callis an encryption conversation, allow to access the call.

Wherein, the call type detection unit is configured to detect the callaccording to the following way:

if a call establishment message of the call comprises a call type andthe call type is encryption, then judging the call as an encryptionconversation; otherwise, judging the call as a non-encryptionconversation.

The system further comprises a call type adding module in a terminal,wherein,

the call type adding module is configured to: when a call is initiated,add the call type through a user—user information element (UUIE) fieldin the call establishment message, and when content of the UUIE field is“ENCRYPTION VOICE”, that the call type is encryption is indicated.

The system further comprises a network side hardware encryption moduleof the network side and a terminal hardware encryption module of theterminal, wherein:

the terminal hardware encryption module is configured to: when theterminal is a terminal of sending party, use a cipher key (CK) of thesending party as an operational factor to encrypt uplink voice data, andupload the encrypted voice data to the network side; and when theterminal is a terminal of receiving party, after receiving downlinkvoice data, use the CK of the receiving party as the operational factorto perform the decryption on the received downlink voice data;

the network side hardware encryption module is configured to: afterreceiving the encrypted voice data uploaded by the sending party, andafter performing the decryption by using the CK of the sending party asthe operational factor, and then use the CK of the receiving party asthe operational factor to encrypt the voice data, and send the encryptedvoice data to the receiving party.

In order to solve the above-mentioned technical problem, the presentinvention further provides a network side device, comprising apre-accessing processing unit and a call type detection unit, wherein,

the call type detection unit is configured to: after receiving aconference telephone initiated by a main control party, detect areceived call whose target is the main control party, and transmit adetection result to the pre-accessing processing unit;

the pre-accessing processing unit is configured to: according to thedetection result transmitted by the call type detection unit, if thecall is a non-encryption conversation, not access the call; if the callis an encryption conversation, allow to access the call.

Wherein, the call type detection unit is configured to detect the callaccording to the following way:

if a call establishment message of the call comprises a call type andthe call type is encryption, then judging the call as an encryptionconversation; otherwise judging the call as a non-encryptionconversation.

Wherein, the call type detection unit detects the call through the calltype added by a user—user information element (UUIE) field in the callestablishment message, and when content of the UUIE field is “ENCRYPTIONVOICE”, that the call type is encryption is indicated.

The device further comprises a network side hardware encryption module,wherein:

the network side hardware encryption module is configured to: afterreceiving the encrypted voice data that a terminal of the sending partyuses a cipher key (CK) of the sending party as an operational factor toencrypt uplink voice data and upload the encrypted voice data to thenetwork side device, and after performing the decryption by using the CKof the sending party as the operational factor, and then use the CK ofthe receiving party as the operational factor to encrypt the voice data,and send the encrypted voice data to the receiving party.

The present invention provides a method, system and network side devicefor pre-accessing a conference telephone, thus it realizes pre-accessingthe encryption conference telephone, which improves the security of theencryption conversation and also avoids the problem that the userfrequently receives the interference when performing the encryptionconference telephone. The technological scheme of the present inventionhas stronger generality and practicability. In addition, the function ismainly realized by the network side, and there are hardly more changesrequired to be done for the terminal except for increasing theencryption conversation type.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a flow chart of voice encryption and decryption in the presentinvention;

FIG. 2 is a flow diagram of realizing pre-accessing an encryptionconference telephone according to an embodiment of the presentinvention.

PREFERRED EMBODIMENTS OF THE PRESENT INVENTION

The basic idea of the present invention lies in that a pre-accessingscheme of encrypted multiparty conversation is provided, which is basedon the terminal and core network using the CK to perform the hardwareencryption on the voice at the same time and realizes the pre-accessingof the encryption conference telephone, in order to guarantee thesecurity of the conference telephone.

Based on the above-mentioned idea, the method for realizingpre-accessing the encryption conference telephone provided in thepresent invention adopts the following technical scheme specifically:

a network side detecting a received call whose target is the maincontrol party after the main control party initiates an encryptionconference telephone; if the call is a non-encryption conversation, thennot accessing the call; if the call is an encryption conversation, thenallowing to access the call.

Wherein, the main control party can be a calling terminal and also canbe a called terminal.

Furthermore, the network side detects the call according to thefollowing way:

if a call establishment message of the call comprises a call type andthe call type is encryption, then judging the call as an encryptionconversation; otherwise judging the call as a non-encryptionconversation.

Furthermore, the call type is realized through a user—user informationelement (UUIE) field, and when content of the UUIE field is “ENCRYPTIONVOICE”, it indicates that the call type is encryption.

Furthermore, the method further includes:

after the network side allows to access the call, the main control partydeciding whether to answer and join the call into this encryptionconference telephone.

According to the above-mentioned method for pre-accessing the encryptionconference telephone, the calling terminal provides the call type (thecalling is defined when initiating the call) according to theappointment, and the network judges the call type and performs thepre-accessing processing. Wherein, the encryption conversation type canbe indicated by adopting the User-User Information Element (UUIE) field,for example, it is self-defined as “ENCRYPTION VOICE”. The terminal usesthe UUIE field to indicate the encryption conversation type and cantransmit as a carrier by SETUP signaling, and the network and the calledterminal can both obtain the content of the field in order to inquirethe call type. The initiating party of the conference registers thethree-party conversation service in the network side at first, and afterinitiating the conference telephone, all incoming calls which are forthe main control party are pre-processed by the network side. If judgingthat the call type of the incoming call is non-encryption, then thenetwork does not access the conversation and prompts the user that thecalled party is on the phone and is inconvenient to answer; if judgingthat the call type of the incoming call is encryption, that is, thecontent of the UUIE field is “ENCRYPTION VOICE”, then the incoming callis accessed and notified to the main control party, and then the maincontrol party decides whether to answer and join the call in theconference telephone.

In addition, in the present invention, after entering into theConversion state, the terminal and network side of the encryptionconference telephone need to encrypt and decrypt the uplink and downlinkvoice data of the voice conversation, specifically including:

a calling terminal using a cipher key (CK) of a sending party as anoperational factor to perform the encryption on uplink voice data, anduploading the encrypted voice data to the network side; and

after the network side receives the encrypted voice data and afterperforming the decryption by using the CK of the sending party as theoperational factor, and then using the CK of a receiving party as theoperational factor to encrypt the voice data, and sending the encryptedvoice data to a called terminal; the called terminal using the CK of thereceiving party as the operational factor to decrypt received downlinkvoice data.

In order to make the objective, the technical scheme and advantage ofthe present invention more clear and obvious, the present invention isdescribed in detail with reference to the accompanying drawings and incombination with embodiments hereinafter. It should be understood thatthe embodiment described here is only used to explain the presentinvention, and not to limit the present invention. It should beillustrated that, in the case of no conflicts, the embodiments in thepresent application and features in these embodiments can be combinedwith each other.

The encryption and decryption flow of the voice conversation of theencryption conference telephone used by the embodiment of the presentinvention is shown in FIG. 1. Since Ki, as the root cipher key of themobile communication network, has very high confidentiality andsecurity, so the embodiment of the present invention adopts theoperational factor CK to perform the encryption and decryption on thevoice data. Referring to FIG. 1, the encryption and decryption flow ofthe conference telephone of the present embodiment is described asfollows:

the calling terminal uses the operational factor CK1 of the calling sideto encrypt the gathered original data and uploads the encrypted AdaptiveMulti Rate (AMR) voice data to the network, and after the network sidereceives the AMR voice data, it uses the same operational factor CK1 todecrypt the voice data, and then it uses the operational factor CK2 ofthe called party to encrypt the voice data and sends the data to thecalled terminal, and the called terminal uses the same operationalfactor CK2 to decrypt the received AMR voice data. The CK3 and CK4 inthe figure are used in one reverse process, and their functions are sameas the functions of CK1 and CK2. Wherein, the CK is changeable in eachprocess of conversation establishment.

FIG. 2 is a flow diagram of realizing pre-accessing an encryptionconference telephone according to an embodiment of the presentinvention. Combining with FIG. 2, the specific steps of the flow aredescribed as follows:

in step 201: the main control party registers the three-partyconversation service at the network side, and initiates the conferencetelephone;

in step 202: the network side receives the incoming call, and the calleduser is a main control party of this conference telephone;

in step 203: the network detects the conversation type of the incomingcall, which is specifically to detect whether the UUIE field is aself-defined encryption type “ENCRYPTION VOICE” in the presentembodiment, if yes, step 205 is executed, if not, step 204 is executed;

in step 204: if the conversation type is the common call, then thecalling user is prompted that the called party is on the phone and isinconvenient to answer, and then the incoming call ends;

in step 205: if the conversation type is the encrypted call, theincoming call is accessed and notified to the main control party of theconference telephone;

in step 206: the main control party decides whether to access the newincoming call according to the actual conditions, for example,discussing with other members of the conference telephone whether toaccept it;

in step 207: the main control party answers the incoming call, and joinsit into the conference telephone;

in step 208: the main control party is convenient to answer the incomingcall, and refuses the incoming call directly.

According to the above-mentioned steps, it can realize the method andprocess described by the present invention.

The system of realizing pre-accessing the encryption conferencetelephone provided by the embodiment of the present invention is toconfigure a hardware encryption module in the terminal and the corenetwork exchanging unit, and perform the encryption and decryption onthe uplink and downlink voice data.

The terminal of sending party sends the AMR voice to the terminalhardware encryption module to perform the X encryption operation, andthe CK of sending party is used as the encryption operational factor,thus obtaining the encrypted AMR voice frame and uploading the encryptedAMR voice frame to the network side;

The network side sends the encrypted voice frame and the CK of sendingparty to the network side hardware encryption module, and the networkhardware encryption module uses the X algorithm to perform thedecryption on the voice data by taking the CK of sending party as theoperational factor, and then uses the X algorithm again to perform theencryption on the voice data by taking the CK of receiving party as theoperational factor, and returns the operation result to the networkdevice, and then the network device sends the encrypted voice frame tothe terminal of receiving party;

The receiving party, after obtaining the downlink voice data, sends theencrypted voice data and the CK of receiving party to the terminalhardware encryption module to perform the decryption, thus obtaining thecommon voice frame. The following processing is the same as that of thecommon voice call, sending the decrypted AMR voice data to the DigitalSignal Processor (DSP) and obtaining the Pulse Code Modulation (PCM)data, and sending the PCM data to the vocoder to product sound.

By adopting this kind of encryption way, it is unable to monitor at thenetwork side, and it is equivalent to the double encryption ontransmission in the wireless environment as well, which is moreconfidential and secure.

Specifically, the system for realizing pre-accessing an encryptionconference telephone provided by the embodiment of the present inventionincludes a pre-accessing processing unit and a call type detection unitof a network side, wherein,

the call type detection unit is configured to: after receiving aconference telephone initiated by a main control party, detect areceived call whose target is the main control party, and transmit adetection result to the pre-accessing processing unit;

the pre-accessing processing unit is configured to: according to thedetection result transmitted by the call type detection unit, if thecall is a non-encryption conversation, not access the call; if the callis an encryption conversation, allow to access the call.

Furthermore, the call type detection unit is configured to detect thecall according to the following way:

if a call establishment message of the call comprises a call type andthe call type is encryption, then judging the call as an encryptionconversation; otherwise judging the call as a non-encryptionconversation.

Furthermore, the system further includes a call type adding module in aterminal, wherein,

the call type adding module is configured to: when the call isinitiated, add the call type through a user—user information element(UUIE) field in the call establishment message, and when content of theUUIE field is “ENCRYPTION VOICE”, it indicates that the call type isencryption.

Furthermore, the system further includes a network side hardwareencryption module and a terminal hardware encryption module, wherein:

the terminal hardware encryption module is configured to: when using acipher key (CK) of the sending party as an operational factor to encryptuplink voice data, and upload the encrypted voice data to the networkside; and after receiving downlink voice data, use the CK of thereceiving party as the operational factor to decrypt the receiveddownlink voice data;

the network side hardware encryption module is configured to: afterreceiving the encrypted voice data uploaded by the sending party andafter performing the decryption by using the CK of the sending party asthe operational factor, then use the CK of the receiving party as theoperational factor to encrypt the voice data, and send the encryptedvoice data to the receiving party.

The present embodiment further provides a network side device, includinga pre-accessing processing unit and a call type detection unit, wherein,

the call type detection unit is configured to: after receiving aconference telephone initiated by a main control party, detect areceived call whose target is the main control party, and transmit adetection result to the pre-accessing processing unit;

the pre-accessing processing unit is configured to: according to thedetection result transmitted by the call type detection unit; if thecall is a non-encryption conversation, not access the call; if the callis an encryption conversation, allow to access the call.

The call type detection unit is configured to detect the call accordingto the following way:

if a call establishment message of the call comprises a call type andthe call type is encryption, judging the call as an encryptionconversation; otherwise judging the call as a non-encryptionconversation.

The call type detection unit detects the call through the call typeadded by a user—user information element (UUIE) field in the callestablishment message, and when content of the UUIE field is “ENCRYPTIONVOICE”, it indicates that the call type is encryption.

The device further includes a network side hardware encryption module,wherein:

the network side hardware encryption module is configured to: afterreceiving the encrypted voice data that a terminal of the sending partyuses a cipher key (CK) of the sending party as an operational factor toencrypt uplink voice data and upload the encrypted voice data to thenetwork side device, and after performing the decryption by using the CKof the sending party as the operational factor, then use the CK of thereceiving party as the operational factor to encrypt the voice data, andsend the encrypted voice data to the receiving party.

The above description is only the preferred embodiments of the presentinvention and is not intended to limit the present invention. Thepresent invention can have a variety of other embodiments. Those skilledin the art can make the corresponding modifications and variationsaccording to the present invention without departing from the spirit andessence of the present invention. And all of these modifications or thevariations should be included in the protection scope of the appendedclaims of the present invention.

It can be understood by those skilled in the art that all or part ofsteps in the above-mentioned method can be fulfilled by programsinstructing the relevant hardware components, and the programs can bestored in a computer readable storage medium, such as a read onlymemory, a magnetic disk or an optical disk, etc. Alternatively, all orpart of the steps in the above-mentioned embodiments can be implementedwith one or more integrated circuits. Accordingly, each module/unit inthe above-mentioned embodiments can be implemented in the form ofhardware, or in the form of software function module. The presentinvention is not limited to any specific form of the combination of thehardware and software.

INDUSTRIAL APPLICABILITY

The present invention realizes pre-accessing the encryption conferencetelephone, which improves the security of the encryption conversation,and also avoids the problem that the user frequently receives theinterference when performing the encryption conference telephone. Thetechnological scheme of the present invention has stronger generalityand practicability. In addition, the function is mainly realized by thenetwork side, and there are hardly more changes required to be done forthe terminal except for increasing the encryption conversation type.

What we claim is:
 1. A method for pre-accessing a conference telephonecall, comprising: performing, by a network side device, registration ofa three-party conversation service for a main control party, andreceiving, by the network side device, an encrypted conference telephonecall initiated by the main control party; initiating, by a terminal, acall whose target is the main control party, wherein the terminal adds acall type for indicating whether the call is encrypted into a callestablishment message of the call to the main control party wheninitiating the call; receiving and detecting, by the network sidedevice, the call whose target is the main control party and determining,by the network side device, whether the call is an encryptedconversation according to the call type in the call establishmentmessage, wherein if the call type is encryption, the network side devicedetermines that the call is an encrypted conversation, otherwise thenetwork side device determines that the call is a non-encryptedconversation; denying, by the network side device which has registeredthe three-party conversation service for the main control party, accessof the call to the main control party if the call is a non-encryptedconversation; and allowing, by the network side device which hasregistered the three-party conversation service for the main controlparty, access of the call to the main control party if the call is anencrypted conversation.
 2. The method according to claim 1, wherein, thecall type is contained in a user-user information element (UUIE) fieldin the call establishment message, and when content of the UUIE field is“ENCRYPTION VOICE”, that the call type is encryption is indicated. 3.The method according to claim 1, further comprising: after the encryptedconference telephone call enters a conversation state, performing, byterminals of the encrypted conference telephone call as well as by thenetwork side device, encryption and decryption on voice data of theconversation.
 4. The method according to claim 3, wherein, the step ofperforming encryption and decryption on voice data of the conversationcomprises: using, by a calling terminal, a cipher key (CK) of a sendingparty as an operational factor to encrypt uplink voice data, anduploading the encrypted voice data to the network side device; after theencrypted voice data is received by the network side device, performing,by the network side device, decryption of the encrypted voice data byusing the CK of the sending party as the operational factor, then thenetwork side device using a CK of a receiving party as the operationalfactor to encrypt the voice data, and sending the encrypted voice datato a called terminal; and using, by the called terminal, the CK of thereceiving party as the operational factor to decrypt received downlinkvoice data.
 5. The method according to claim 1, further comprising:after access of the call to the main control party is allowed by thenetwork side device, deciding, by the main control party, whether toanswer and join the call into this encrypted conference telephone call.6. The method according to claim 2, further comprising: after theencrypted conference telephone call enters a conversation state,performing, by terminals of the encrypted conference telephone call aswell as by the network side device, encryption and decryption on voicedata of the conversation.
 7. A system for pre-accessing a conferencetelephone call, comprising a network side device and a terminal,wherein, the network side device is configured to: perform registrationof a three-party conversation service for a main control party, andreceive an encrypted conference telephone call initiated by the maincontrol party; the terminal is configured to initiate a call whosetarget is the main control party, wherein the terminal adds a call typefor indicating whether the call is encrypted into a call establishmentmessage of the call to the main control party when initiating the call;and the network side device is configured to: receive and detect thecall whose target is the main control party and determine whether thecall is an encrypted conversation according to the call type in the callestablishment message, wherein if the call type is encryption, determinethat the call is an encrypted conversation, otherwise determine that thecall is a non-encrypted conversation; wherein the network side devicewhich has registered the three-party conversation service for the maincontrol party denies access of the call to the main control party if thecall is a non-encrypted conversation, and allows access of the call tothe main control party if the call is an encrypted conversation.
 8. Thesystem according to claim 7, wherein, the terminal is configured to:when initiating the call, add the call type in a user-user informationelement (UUIE) field in the call establishment message, and when contentof the UUIE field is “ENCRYPTION VOICE”, that the call type isencryption is indicated.
 9. The system according to claim 7, wherein thenetwork side device includes a network side hardware encryption moduleand the terminal includes a terminal hardware encryption module,wherein: the terminal hardware encryption module is configured to: whenthe terminal is a terminal of a sending party, use a cipher key (CK) ofthe sending party as an operational factor to encrypt uplink voice data,and upload the encrypted voice data to the network side; and when theterminal is a terminal of a receiving party, after receiving downlinkvoice data, use a CK of the receiving party as the operational factor toperform the decryption on the received downlink voice data; the networkside hardware encryption module is configured to: after receiving theencrypted voice data uploaded by the sending party, perform decryptionof the encrypted voice data by using the CK of the sending party as theoperational factor, then use the CK of the receiving party as theoperational factor to encrypt the voice data, and send the encryptedvoice data to the receiving party.
 10. The system according to claim 8,wherein the network side device includes a network side hardwareencryption module and the terminal includes a terminal hardwareencryption module, wherein: the terminal hardware encryption module isconfigured to: when the terminal is a terminal of a sending party, use acipher key (CK) of the sending party as an operational factor to encryptuplink voice data, and upload the encrypted voice data to the networkside; and when the terminal is a terminal of a receiving party, afterreceiving downlink voice data, use a CK of the receiving party as theoperational factor to perform the decryption on the received downlinkvoice data; the network side hardware encryption module is configuredto: after receiving the encrypted voice data uploaded by the sendingparty, perform decryption of the encrypted voice data by using the CK ofthe sending party as the operational factor, then use the CK of thereceiving party as the operational factor to encrypt the voice data, andsend the encrypted voice data to the receiving party.
 11. A network sidedevice, comprising a processor, wherein, the processor is configured to:perform registration of a three-party conversation service for a maincontrol party, and receive an encrypted conference telephone callinitiated by the main control party; and when a terminal initiates acall whose target is the main control party, wherein the terminal adds acall type for indicating whether the call is encrypted into a callestablishment message of the call to the main control party wheninitiating the call, the processor is configured to: receive and detectthe call whose target is the main control party and determine whetherthe call is an encrypted conversation according to the call type in thecall establishment message, wherein if the call type is encryption,determine that the call is an encrypted conversation, otherwisedetermine that the call is a non-encrypted conversation; wherein thenetwork side device which has registered the three-party conversationservice for the main control party denies access of the call to the maincontrol party if the call is a non-encrypted conversation, and allowsaccess of the call to the main control party if the call is an encryptedconversation.
 12. The device according to claim 11, wherein, the calltype is contained in a user-user information element (UUIE) field in thecall establishment message, and when content of the UUIE field is“ENCRYPTION VOICE”, that the call type is encryption is indicated. 13.The device according to claim 11, further comprising a network sidehardware encryption module, wherein: the network side hardwareencryption module is configured to: after receiving encrypted voice datathat is encrypted by a terminal of a sending party by using a cipher key(CK) of the sending party as an operational factor and uploaded to thenetwork side device, perform decryption of the encrypted voice data byusing the CK of the sending party as the operational factor, then use aCK of a receiving party as the operational factor to encrypt the voicedata, and send the encrypted voice data to the receiving party.
 14. Thedevice according to claim 12, further comprising a network side hardwareencryption module, wherein: the network side hardware encryption moduleis configured to: after receiving encrypted voice data that is encryptedby a terminal of a sending party by using a cipher key (CK) of thesending party as an operational factor and uploaded to the network sidedevice, perform decryption of the encrypted voice data by using the CKof the sending party as the operational factor, then use a CK of areceiving party as the operational factor to encrypt the voice data, andsend the encrypted voice data to the receiving party.